JP7554197B2 - One-click login procedure - Google Patents

Description

This application is in the field of secure identification during the login process to a computer system of a computer user who logs into the computer system with an anonymous identifier.

Logging into a computer network - the process by which a client computer user is recognized by a server computer and granted access - is almost universally accomplished by entering a username and password into a software application or operating system. This requires a registration process in which the user enters their name, personal identification data and preferences, a chosen username that is often public and is usually associated with the user's name, and a user-defined, user-remembered password known only to the user and the host computer. The registration process takes place at a computer or computer terminal, and the username and password are recorded by the host computer. In use, access is granted to the user by the host computer that matches the string of data entered by the user into the appropriate username and password fields, and the corresponding username and password are recorded in plain text or in encrypted or hashed form at the time of user registration.

However, the proliferation of computer user accounts has created problems that are characteristic of the Internet. Whereas previously a user typically had one school or work computer account, today users must manage dozens of accounts, a process made more difficult by the many host computers requiring users to change passwords frequently. This leads to insecure behaviors such as writing down passwords. Remembering all the passwords in use is a difficult process, and this difficulty can lead to behaviors that reduce security.

Furthermore, in most computer systems that use a user login system based on username and password, the system administrator has the right to access the user's password for resetting, if necessary. This means that the system administrator has the opportunity to reset the username's password to a new value and log in as the user, potentially performing unauthorized or illegal operations under the identity of the unsuspecting user. A password reset process that bypasses the system administrator by sending a password reset link to the user's email address is more secure, but requires the host computer to know the identity of the user. There are other ways to enhance security, such as providing the user with an electronic device that generates a code associated with the current time and requiring the user to enter this session code after the username and password. Such systems are cumbersome, costly, and require access to one new electronic device for each host computer. Recently, smartphones have been used as session code generators, which has significant advantages over dedicated devices, but requires that each application server make a specific login software application available to each computer user, cluttering the smartphone with applications.

Furthermore, there is growing concern about unauthorized or unconsented use of personal data. Computer systems, which typically require users to identify themselves using publicly known usernames and then verify their identity using inherently insecure passwords that may be changed without the user's immediate knowledge, are woefully inadequate for protecting personal data.

Clearly, a new secure login system is needed that can address all of the above issues, and this needs to be done by eliminating the username/password approach altogether. This is especially desirable in computer systems that handle highly sensitive data, such as health, biometric, genetic, ethnic, financial, property, asset, tax, voting, purchase and transaction history data, etc. Managing all of this data in a way that is clearly and securely associated with a person is especially useful when not using a person's name or a personal ID that can be traced back to a person's name.

In the prior art, there have been cases where attempts were made to remove passwords but not usernames.

U.S. Patent No. 8,954,758 replaces passwords with user-generated gestures that are mathematically transformed and interpreted into a string of characters that are added to a login key to complete the full login formula. In other words, U.S. Patent No. 8,954,758 replaces alphanumeric passwords with passwords derived from points in space traced by a human gesture, thus requiring the host computer to store the user name and the full login formula.

US 9,264,423 allows passwordless login by sending a prompt to a pre-registered communication device of the user, such as the user's mobile phone, indicating whether to accept or reject the user's login request initiated on another computer or terminal. The response to the prompt is sent to a login authority server, which sends the user's response to the application server to allow or reject access. This is a complex system, requiring four different computers: the user's client device, where the user session is initiated; the application server, which receives the client's user identifier via a user-editable field as part of the user's login procedure; the login authority server, which receives the application server's user authentication request; and the user device, such as a mobile phone, where the same user receives a confirmation request from the login authority server to accept the login request and respond positively or negatively. Furthermore, the user is identified by a user identifier, which can be a random number or can be selected by the user. The above method requires the application server to know the user name, and all four computers must participate every time a login is attempted.

We have invented a method and apparatus where the login control resides on the user's personal computing device, such as a smartphone, and the login method does not use a traditional username or password of any kind, the user's smartphone number or email address, but only requires the user's computer and one application server. The application server is the server that the user attempts to connect to in order to perform data processing of interest. Upon login, the user remains anonymous to the application server or host computer and is identified only by an anonymous identifier.

The present disclosure describes a device used by a user to log into an application server, designated as a personal computing device, such as a smartphone, tablet, laptop computer, or personal computer. The personal computing device is provided with a processor, memory, a data storage medium, a display device, one or more input devices, such as a keyboard, a pointing device, a camera, a microphone, a motion detector, etc., a communication subsystem, an operating system, a power source, and a means for executing software program instructions. The personal computing device is connected to one or more application servers, such as a host computing system, an enterprise server, a web server, a cloud computing system, etc., via a communication network, such as a private network, a public network, or the Internet.

An application server has essentially the same components as a personal computing device, but its processing power, memory and storage media are significantly greater in capacity, and the application server accesses the communications network over a significantly greater bandwidth to accommodate the simultaneous processing of multiple users.

To verify a user's identity and authenticate the user's personal computing device as a device under the user's control, in one embodiment of the present disclosure, an identity verification server is used, the components and capabilities of which are similar to those of the application server described above.

To process data in the manner described in this disclosure, the participating computers are programmed with computer programs specifically written for the described tasks. The personal computing device includes at least a login software application, the application server includes at least a user registration software application and a login and access software application (collectively, application server software applications), and the identity server includes at least a user identity software application. All software applications on each type of computer - the personal computing device, the identity server, and the application server - also have encryption software that generates at least asymmetric keys and digital signatures to ensure secure communications between all three computer systems.

In one aspect of the present invention, a method is described for performing a secure user login procedure without a user-defined username or password, where the user's personal computing device connects to a software distribution service, downloads and installs a login software application on the personal computing device, and the login software application generates a private key and an associated public key that also serves as the user's anonymous identifier. In this disclosure, the public key is known only by the login software application on the personal computing device and the login and access software application on the application server. Upon execution, the login software application connects to the login and access software application on the application server and transmits the anonymous ID, which the application server records in a user registration database via the user registration software application. Once the user registration process is complete, the user can execute the login software application and request to login to the application server and identify themselves via the anonymous identifier, and the login process and the user anonymous identifier are verified by the login and access software application running on the application server. This eliminates the need for the user to enter a username and a system password that does not exist because it was never created. Similarly, such a login method between a personal computing device and an application server does not use biometric, fingerprint and face image files stored on the application server as passwords for login verification, as these factors are very accurate in identifying real users, allowing the application server to easily re-identify anonymous users.

For added security, the login software application executed on the personal computing device may be equipped with a screen lock device that is stored locally on the personal computing device and that the user must unlock to allow operation of the application to continue. Once the login software application is installed and executed, the login software application requests that the user unlock the screen lock device to ensure that it is being used by an authorized user of the personal computing device. Unlocking of the screen lock device can be done by a traditional PIN number or can be achieved through face or fingerprint authentication, depending on the security features present on the smartphone or tablet. Such a PIN or a digital representation of the user's face or fingerprint is not transmitted to the application server as a system password, and access to the personal computing device and the login software application is achieved by opening this local screen lock device. Failure to open the screen lock device prevents further use of the login software application and disallows the login procedure. Once the screen lock device has been successfully opened, the login software application takes over the login procedure from the user.

In another embodiment, it is important to absolutely verify the user identity so that the application server can trust user registration requests from users whose name identity is unknown. This requires the functionality of a separate and independent user identity verification server that already contains demographic user data. This server may authenticate the user's identity by demographic data including at least the user's name and contact details. This may be performed only once at the time of user registration, allowing the user to enter user settings including consent for the application server to use the user's personal data and other legal procedures. In this case, the user enters his name and all personal identification required to facilitate identity verification such as name, date of birth, sex, address, zip code, and official identification codes such as civil ID number, passport number, etc. Advantageously, these data can be obtained by photographing the user's ID card or driver's license using a personal computing device and using character recognition software on the personal computing device to automatically and reliably obtain the data of interest. The name and personal ID are then sent by the login software application on the personal computing device to a user ID verification server, which uses these personal IDs to search for the particular individual's personal record stored in a database and, upon locating the personal record, reads the person's known mobile phone number or email address. Useful identity verification servers include official government databases of national identity cards or driver's licenses departments and user databases of mobile phone operators or banks. Upon finding a match between the received personal ID and a personal record in the database, the user ID verification server sends a command to the user's known mobile phone number by creating a message or sends an email or other type of email to a known email account prompting a confirmation response by the user that is aware of and responsible for the ongoing new user registration procedure. Upon receiving a positive response, the user's identity is confirmed, the user's personal computing device is authenticated as the user's login and access device, and the identity verification software application on the identity verification server sends a command to the login software application that is authorized to complete installation on the personal computing device and become operational. In this authentication process, the user's login software application only needs to connect once to the identity verification server via a user identity verification software application, which verifies the user's identity and authenticates the login software application along with the personal computing device as the user's login and access device.

The authentication process verifies that the user's personal computing device is a valid login and access device, and login to the application server is performed solely by the login software application on the personal computing device without any other user intervention. The user may use other procedures to fully verify the user's identity, such as mailing a verification code to a known address of the user that must be keyed into the login software application to complete the installation, or to physically appear in person at a verification center for in-person verification. State-provided secure identity authentication methods are also useful.

In one embodiment, the anonymous identifier is sent in encrypted form to an identity server and recorded along with the user's name and personal identifier, so that the identity server can be used to re-identify the user at a later date if there is a legitimate need to do so.

It should be noted that upon subsequent login attempts to the application server, in most embodiments the login software application does not transmit the username, personal identifier, password, or any element that can be used to recover the known identity of the user. This is useful for processing valuable and sensitive personal data, where data needs to be retrieved but without being able to identify the user by name or receiving a personal ID that would allow the user to be re-identified.

During the installation process, the encryption key software program included in the login software application of the personal computing device generates a pair of encryption keys using the known method developed by Rivest, Shamir and Adleman (RSA) or, more preferably, the known method of the Elliptic Curve Digital Signature Algorithm (ECDSA), both of which are asymmetric encryption methods. Each pair of encryption keys comprises a private key and a public key, the use of which is widely known in the cryptography community, and will hereafter be referred to as encryption keys or private and public keys. Conveniently, the public key is used as the anonymous identifier of the user and is used only for login purposes at the application server of interest. In practice, multiple pairs of encryption keys may be generated for the need to login to as many different application servers of interest as possible, so that each public key/anonymous identifier can be used to login to only one application server. Although it is described as "public", it should be noted that in practice the user's public key is only known to the login and access software application of the application server and the login software application of the personal computing device, and remains secret to all other parties, including the user. This is an additional security feature. The reason is that the login process can only be initiated on the user's personal computing device on which the login software application is installed. Thus, the public key/anonymous identifier is effectively a confidential identifier of the user operating the personal computing device that is used to generate cryptographic keys and to securely log into the application server of interest without a traditional user-defined username and password. However, the anonymous identifier need not be identical to the cryptographic public key and, in fact, could be any other sufficiently complex number. In addition to the user, the identity server and the application server may also use software to generate their own cryptographic key pairs and to communicate securely with the user's login software application.

If not a public encryption key, the anonymous identifier can be any randomly generated number similar in length and complexity to the anonymous identifier generated as the public encryption key as described above.

An important feature of the public key/anonymous identifier is that it must be as close to unique as possible. The private encryption key is generated by a suitable encryption software program included in the login software application, which calculates the associated public key. A private key (and associated public key of the same or similar length) with at least 10 digits would allow a number to be assigned to every person on earth, but would be so short that it would not be possible to guarantee that two people would not receive the same number in the random number generation process. A number of at least 100 digits would significantly increase the spacing of the numbers, thereby decreasing the probability that two different people would be assigned the same random number, while using a number of 1000 or more digits would further increase security. In the current implementation of the method disclosed herein, 20 bytes of hexadecimal code representing 40 characters are used, and hash numbers can be as large as 204 bytes. As faster computers are developed, their complexity may increase in the future. Although anonymous identifiers can be considered as usernames or passwords, they cannot be considered as such, since they are not user-defined, user-memorable, or user-entered. Its length and lack of meaning makes it nearly impossible for a user to easily copy or remember even if it were easily accessible to the user, yet it remains hidden in the login software application of the user's personal computing device.

Such login processes, using public keys or random numbers used as anonymous identifiers, when sent by the login software application to the application server's login and access software application, allow the application server to consider them as valid and sufficient instruments to grant the user login access to the application server.

The actual length of the anonymous identifier will be determined by best practices in system implementation and the continued use of RSA or ECDSA systems or the adoption of new systems that are more secure against abuse or breach.

A method - unlikely but not impossible - to ensure that the anonymous identifier is unique and not already attributed involves a procedure by the identity verification server to search a user registration database containing anonymous identifiers and look for an exact match with the received anonymous identifier of the new user. If a match is found, the identity verification software application of the identity verification server issues a command to the login software application to regenerate a new private key or a new random number, which results in a new public key/anonymous identifier. Only when the identity verification server verifies that the new anonymous identifier is unique is the installation of the login software application instructed to be completed by the identity verification server.

By logging into a computer system and application server using the methods of the present application, a user can initiate the login and access procedure with a single click or touch on the login software application, which triggers the transmission of an anonymous identifier to the login and access software application, and login access is granted based solely on the received anonymous identifier.

With these operations and design features, a personal computing device equipped with a login software application and an anonymous identifier becomes a login device. It is no longer the user that logs in, but the personal computing device under the user's control. This characteristic is independent of whether an identity verification server is used to verify the user's identity.

For even greater security, digital signatures may be used. A digital signature is a mathematical scheme for verifying the authenticity of a digital message or document. A valid digital signature gives the recipient reason to believe that the message was created by a known sender (user authenticated), that the sender cannot deny sending the message (user cannot reject the message), and that the message was not altered in transit (integrity can be verified). Known digital signature methods include RSA-based signatures, DSA (Digital Signature Algorithm) signatures, and other methods, and use a randomly generated private key and an associated public key, where this key pair can be the same as that generated as described above in generating the anonymous identifier. In one embodiment of the present disclosure, the login software application includes digital signature software, which generates a byte sequence that is the digital signature, calculated using known mathematical operations of the user's private key applied to the contents of the message to be signed, where the contents of the message to be signed are the user's public key/anonymous identifier. The digital signature and the message itself are sent to an identity verification server or application server whenever it is necessary to verify that the message actually originated from the login software application or other user software application on the user's personal computing device.

The receiver can convert the received digital signature into a message containing the user's public key, read it, and compare it with the contents of the received message itself. If there is a match, the user is authenticated by the receiver. Similarly, the identity verification server digitally signs the command for the installation of the login software application to be secretly completed on the user's personal computing device by digitally signing the message using the identity verification server's private key, where the signing message is the user's public key/anonymous identifier. In this embodiment, only upon receiving this digitally signed message will the installation of the software login application proceed and be secretly completed on the personal computing device.

Once the login software application installation is completed in secret, the user uses the login software application to connect to an application server known to the login software application and to initiate a user registration procedure. A digital signature is useful here, particularly a digital signature generated by an identity server, which, when sent to the application server, provides assurances that the user exists, that the name ID has already been verified, that the anonymous identifier is an unknown but valid identifier of an authenticated person, and that the verification process was performed by a known identity server. With these assurances, the application server's user registration software application can record the user in a user registration database under the user's anonymous identifier.

It should be understood that while the login procedure is anonymous, the anonymous identifier is a unique code for the individual and resides on a personal computing device that may be further authenticated by an identity server as being under the individual's control. The anonymous identifier is difficult to copy, hack, or penetrate, thereby making the disclosed method a very secure login procedure. It should be noted that the login software application may be included in any other software application in which a provider desires to use the functionality of the login apparatus and method described in this disclosure.

Thus, when an application server receives a login request originating from a login software application where the user's identity has been verified and authenticated by an identity server, the application server grants access to the login request based solely on the user's anonymous identifier, provides a level of application functionality, and securely communicates with the authenticated but unknown user. This is the case when the application server processes sensitive personal data.

If the user's identity has not been verified by an identity verification server, the application server may allow access to the login request based solely on the user's anonymous identifier, which is appropriate in situations where absolute certainty of the user's name ID is not required. This is the case when the application server wishes to track the user's habits, visits, preferences or choices and the user is willing to share this information.

To the extent that the login procedure described in this disclosure is used not only to open a user session on a server computer but also whenever information is exchanged between a client and a server, thereby providing continuous validation of a user's anonymous identifier, the login procedure can be considered a continuous access validation procedure, and the expression login procedure also includes the meaning of a continuous access validation procedure.

In another aspect, a non-transitory computer-readable storage medium is described. The computer-readable medium has computer-executable instructions that, when executed, configure a processor of the personal computing device to execute the login software application to connect to a software distribution service, download and install a login software application on the personal computing device, generate an anonymous identifier, and transmit the anonymous identifier to an application server. Other instructions also configure a processor of the application server to receive and record the anonymous identifier in a user registration database. Upon using the login software application to log in to the application server by transmitting the anonymous identifier, the processor of the application server is configured to process the received anonymous identifier, attempt to match it with one of the entries in the user registration database, and finally grant the login software application and the user access to the application server.

In use, the disclosed login and access method provides a more convenient and practical way to log into a computer, which does not reduce security, and in fact enhances security, as compared to the prior art methods. By automating the process and placing it on the user's personal computing device, the user no longer needs to remember or write down multiple passwords, nor does he need to identify himself by a username. This significantly reduces key errors, incorrect passwords, and locked accounts caused by too many incorrect passwords entered in succession. However, the most important advantage is that the user simply selects the application server to connect to in the login software application, and successfully logs in with one action of a mouse click, finger tap, or other pointer action. In the absence of a system password, it is the personal computing device that takes over the process of logging in with an anonymous identifier. It should be noted that the disclosed method differs from current password management systems in which a login file present on the user's personal computing device contains one or more specific usernames and passwords defined by the user for each application server at registration time. In this prior art method, the personal computing device logs into the application server of interest by transmitting a user-defined and user-entered username and system password.

Other exemplary embodiments of the present application will become apparent to those of ordinary skill in the art after reviewing the following detailed description in conjunction with the drawings.

FIG. 1 is a block diagram of a system architecture used to download and install a login software application and verify a user's identity with an identity verification server according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of a system architecture used to securely log in to an application server according to an exemplary embodiment of the present disclosure. FIG. 1 is a block diagram of a personal computing device according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of an identity verification server according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of an application server according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of a method for digitally signing a message to verify that the message is valid according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of a method for digitally signing a message to verify that the message is valid according to an exemplary embodiment of the present disclosure. FIG. 2 is a block diagram of a method for digitally signing a message to verify that the message is valid according to an exemplary embodiment of the present disclosure. 4 is a flowchart of a method for downloading and installing a login software application on a personal computing device according to an exemplary embodiment of the present disclosure. 4 is a flowchart of a method for a personal computing device to securely log in to an application server according to an exemplary embodiment of the present disclosure.

In the drawings, numbers refer to similar elements and functions in the specification.

FIG. 1a is a block diagram of the computer architecture required to download and install the login software application of the present disclosure. This is the first step required to successfully install the login software application on a user's personal computing device. The login software application 100 resides on a software distribution service 105 on the Internet. A user operating a personal computing device 110, such as a smartphone, tablet, laptop computer, or personal computer, downloads the desired login software application 100 from the software distribution service 105. The user installs the login software application 100 on the user's personal computing device 110 according to the method described in FIG. 6.

The personal computing device 110 connects to an identity verification server 130 via a communications network 120. This server 130 searches a user database for a matching user and, if found, verifies the user's identity and enables the continued installation of the login software application 100 according to the method described in steps 600-630 of FIG. 6.

Figure 1b is a block diagram of an example of the computer architecture required to create a new user in the present disclosure. This is the second step in which the user's personal computing device sends a request to register this user to the interested application server after the login software application 100 is installed. The user executes the login software application 100 in the personal computing device 110 to connect to the application server 140 via the communication network 120 according to the method described in steps 700-730 of Figure 7. The login software application 100 sends the user's anonymous identifier and identity verification data if issued by the identity verification server when the optional authentication process is used. The application server 140 receives the user's anonymous identifier and identity verification data and, if successfully verified, records the user as a valid new user in its user registration database.

Figure 1b is also a block diagram of an example of the computer architecture required in the present disclosure to initiate a new login procedure for a user already registered in the user registration database 480 of the application server 140. This is the third step in which the login software application 100 of the user's personal computing device 110 sends a request to the interested application server 140 to initiate the login procedure after the new user has been successfully registered. The user executes the login software application 100 on the user's personal computing device 110 to connect to the application server 140 via the communication network 120 according to the method described in Figure 7. The login software application 100 transmits the user's anonymous identifier. The application server 140 receives the user's anonymous identifier and, upon successfully verifying the user's anonymous identifier according to the method described in steps 760-790 of Figure 7, allows the user to log in and initiate a user session with the application server 140.

Figures 1a and 1b show an example of the minimal computer architecture required for the anonymous login procedure of the present application. The identity verification server 130, if used, is used only once to verify the identity of the user and to authenticate the personal computing device 110 used to connect and log in to the application server 140.

2, an exemplary personal computing device 110 is shown in block diagram form. In this example, the personal computing device 110 comprises a main processor 240 that connects to various device subsystems, such as a communications subsystem 210, an input device 220, such as a keyboard, mouse or touch screen, and a display 230, such as a screen. It should be understood that the personal computing device 110 has many other components that are not individually identified.

The communications subsystem 210 is used to connect the personal computing device 110 to other computers, such as the software distribution service 105, the identity verification server 130, and the application server 140, to manage the data exchanges described in this disclosure, such as those involved in downloading and installing the login software application 100, user identity verification, user registration, transmission of the anonymous identifier, and initiating and terminating the login procedure.

The main processor 240 is associated with at least one memory 250 capable of storing data and processor executable instructions 260 which, when executed, configure the processor 240 to download the login software application 100 and generate a private key and an associated public key/anonymous identifier using an encryption software program 280 included in the login software application 100 according to one of the RSA or ECDSA methods or equivalent.

In FIG. 3, an exemplary identity verification server 130 is shown in block diagram form. In this example, identity verification server 130 includes a main processor 340 that connects to a communications subsystem 310. It should be understood that identity verification server 130 has many other components that are not individually identified.

The communications subsystem 310 is used to connect the identity verification server 130 to other computers, such as the personal computing device 110, to manage the data exchanges described in this disclosure, such as those involved in user identity verification and authentication of the personal computing device 110.

The main processor 340 is associated with at least one memory 350 capable of storing data and processor-executable instructions 360, which, when executed, configure the processor 340 to first receive a request for identity verification from the login software application 100 of the user's personal computing device, then execute the steps of the user identity verification software application 370, and finally issue a command 380 to the login software application 100 to continue the installation and to terminate successfully if the verification is successful.

In FIG. 4, an exemplary application server 140 is shown in block diagram form. In this example, the application server 140 is provided with a main processor 440 that connects to a communication subsystem 410. It should be understood that the application server 140 has many other components that are not separately identified.

The communications subsystem 410 is used to connect to other computers, such as the personal computing device 100, to manage the data exchange described in this disclosure, such as involving connection to the personal computing device 110 and receipt of information sent from the login software application 100 identified by an anonymous identifier.

The main processor 440 is associated with at least one memory 450 capable of storing data and processor executable instructions 460, which, when executed, configure the processor 440 to receive requests from the login software application 100 of the personal computing device 110 in the form of an anonymous identifier that is processed by the user registration software application 470 on the first connection and by the login and access software application 475 on all connections. On the first connection, the user registration software application 470 checks whether the anonymous identifier already exists and, if not, creates a new entry in the user registration database 480. On all connections, the login and access software application 475 verifies the validity of the anonymous identifier by matching the received anonymous identifier with the user registration database 480, which contains the anonymous identifier. If the anonymous identifier is successfully matched, the processor 440 configures the application server 140 to grant login access to the login software application 100 and open a user session 490.

Figures 5a, 5b, and 5c show block diagrams of a method of the present disclosure for digitally signing and verifying a message. In this case, the message being signed is an anonymous identifier.

In FIG. 5a, the login software application 100 of the personal computing device 110 uses a private cryptographic key 500 to digitally sign a message 510 that includes the anonymous identifier using known methods such as a digital signature algorithm to generate a digitally signed anonymous identifier message 520.

In FIG. 5b, the login software application 100 on the personal computing device 110 sends the digitally signed anonymous identifier message 520 and the anonymous identifier message 510 to the application server 140 using the communications network 120.

In FIG. 5c, digital signature software included in login and access software application 475 of application server 140 receives digitally signed anonymous identifier message 520 and anonymous identifier message 510, processes digitally signed anonymous identifier message 520 using known methods such as a digital signature algorithm, and compares the result of the processing to the message containing anonymous identifier 510. If the two representations are equal, application server 140 has assurance that the login or access request originated from the user identified by the anonymous identifier.

FIG. 6 illustrates an example in flow chart form of a method of the present disclosure for downloading a login software application 100, verifying a user's identity, and successfully installing it on a personal computing device 110.

In step 600, a user operates a personal computing device 110, such as a smartphone or tablet, and points it to a software distribution service 105, such as the App Store, Google® Play, or a software distribution web server, to download the desired login software application 100. Using a personal computer, the user accesses the software distribution web server 105 and downloads the desired login software application 100. The user initiates the installation of the login software application 100 on the personal computing device 110.

During the installation process, the login software application 100 prompts the user to enter a screen lock device code, such as a four, six or more digit numeric or alphanumeric PIN, a photograph of the face or fingerprint, or use of other means of biometric recognition capabilities present on the personal computing device 110. This screen lock code and device remains on the personal computing device 110 and no digital representation of it is transmitted to an external party, such as the identity verification server 130 or application server 140. This is a locally stored code. This embodiment is particularly useful in applications involving the processing of sensitive personal data, where it is important to protect the personal computing device 110 from unauthorized access and use as a login device.

In other embodiments, particularly in enterprise systems, the user needs to be known so that the application server 140 can recognize the user as a valid member of the organization, and in this case the installation of the login software application 100 includes the user entering their name, username, personal ID, preferences and other information of interest that may have been submitted during user registration. The difference with current login systems is that no password is generated by the user or stored on the enterprise application server 140. In all embodiments, login is accomplished by the user opening at least the screen lock device on the login software application 100 and selecting and clicking or touching the login button of the application server 140 of interest.

Step 610 describes an aspect of an embodiment where the login software application 100 and the personal computing device 110 need to be authenticated while absolutely verifying the user's identity. If not, operation proceeds to step 635. If so, the login software application 100 connects to the identity verification server 130, which contains a large amount of personal data that is likely already known about the current new user and therefore recorded in the identity verification database. Upon receiving the user's name and personal ID, the identity verification software application 370 of the identity verification server 130 uses the user's identity details to find an identical user in its own database. Upon finding it, the identity verification software application 370 reads the contact details of the found user record, such as the user's mobile phone number, email address or other electronic address, and sends a text message to the mobile phone or an email message to the user's email, requesting the owner to verify their name and whether they are the initiator of the new user registration procedure. This verification can be as simple as a simple click or touch of a link displayed on the screen of the personal computing device 110. Clicking on this link sends the user's actual confirmation of the received information back to the identity verification server 130 on the personal computing device 110, known as a smart phone, tablet or computer. The confirmation can be made even more secure by including a numeric code in the text message or email, which the user is then asked to manually enter into the login software application 100, a highly secure procedure used by banks and state agencies. After the user enters their response and the login software application 100 submits it, the login software application 100 waits for a response from the identity verification server 130.

In step 620, the identity verification software application 370 processes the response received or not received from the user. A decision can be made by the identity verification software application 370 based on the user input - positive or negative - or it can be determined to be negative if there is no response after a certain period of time, e.g., 60 seconds, counted by a timer included in the identity verification software application 370 running on the identity verification server 130.

If the user responds negatively or there is no response, in step 625, the identity verification software application 370 sends the command that the login software application 100 on the user's personal computing device 110 was waiting for, in this case the command is to stop the installation of the login software application 100 on the user's personal computing device 110.

If the user response is positive and received within a preset time, then in step 630 the identity verification software application 370 sends the user identity verification data (timestamp, verification number, name and address of identity verification server 130) and a command to the login software application 100 that allows the installation to proceed. Both are recorded by the login software application 100.

In step 635, the login software application 100 uses the encryption software program 280 to generate an encrypted private key and public key/anonymous identifier for the user.

In step 640, the login software application 100 contacts the login and access software application 475 of the application server 140 and requests a new user registration procedure for the user identified by the anonymous identifier. After the command is sent, the login software application 100 waits for a response from the application server 140.

In step 650, the login and access software application 475 of the application server 140 tests whether the request is from an authentic copy and valid installation of the login software application 100, which is accomplished by known cryptographic methods.

If the test is not successful, then in step 655, the login and access software application 475 of the application server 140 rejects the request for a new user registration procedure and sends a command to the login software application 100 to terminate operation. If the test is successful, then in step 660, the login and access software application 475 sends a command to the login software application 100 to continue operation and send the user's encrypted public key/anonymous identifier and user identity verification data, if necessary, to the application server 140.

In step 670, the login and access software application 475 of the application server 140 receives the transmitted encrypted public key/anonymous identifier and user identification verification data, if required, from the login software application 100 and creates the new user in the user registration database 480 via the user registration software application 470.

In step 680, if the application server 140 has successfully recorded the new user, a command sent by the login and access software application 475 is sent to the login software application 100 to inform it that the installation of the login software application can be recorded as successful. The login software application 100 records the name of the application server 140 as the computer system that verified the user for the login operation and authenticated the software login application 100 with the personal computing device 110 as the login device. Only login software applications 100 that have been successfully installed up to this point will be recognized by the login and access software application 475 of the application server 140 of interest that receives the incoming login request. If this fails, no more login attempts are allowed by the application server 140.

FIG. 7 illustrates an example in flow chart form of a method of the present disclosure for logging into an application server 140 with an anonymous identifier without a username or password after the login software application 100 has been successfully installed on a user's personal computing device 110.

In step 700, the user executes the login software application 100 on the personal computing device 110 and is prompted to unlock the screen lock device previously defined in step 600.

In step 710, the login software application 100 of the personal computing device 110 tests the unlock input to the screen lock device to determine whether it is valid or invalid. A valid entry is an entered PIN that matches a PIN defined during installation of the login software application 100 or the user's face or fingerprint as recognized by the biometric authentication capabilities of the personal computing device 110.

If the unlock input to the screen lock device is deemed invalid in step 715, the login software application 100 denies continued operation to the user. If it is deemed valid in step 720, continued operation is permitted and the user may select an application server 140 for login in the login software application 100 if there are multiple locations where the user is permitted to log in.

In step 730, a connection is made to the selected application server 140 and a login procedure is requested.

In step 740, the login and access software application 475 on the application server 140 tests whether the request is from a genuine copy and valid installation of the login software application 100, which may be accomplished by known cryptographic methods. To verify that the copy of the login software application 100 is legitimate, the login and access software application 475 may query the command sent to the login software application 100 in steps 660 and 670 to see if it exists and is the same as the one originally issued.

If the test is not successful, in step 745, the login and access software application 475 of the application server 140 sends a command to the login software application 100 to deny login access and terminate operation. Identification details of the login software application 100 and the personal computing device 110 and other identification details may be logged by the application server 140 in a security log file.

If the test is successful, in step 750, the login and access software application 475 of the application server 140 allows the user login procedure to proceed and sends a command to the login software application 100 to send the user's public key/anonymous identifier.

In step 760, the login and access software application 475 in the application server 140 receives the public key/anonymous identifier and searches the user registration database 480 for a matching anonymous identifier. In step 770, the login and access software application 475 in the application server 140 tests whether a match is found.

If no match is found in step 775, the login and access software application 475 denies the user login access to the login software application 100. If a match is found in step 780, the login and access software application 475 allows the user login access to the login software application 100. In step 790, a user session is initiated with the application server 140 using these or other software applications residing on the personal computing device 110 or the application server 140. The user session ends in step 795 when the user issues a logout command on the login software application 100 or the application server 140 or if a pre-configured timeout device of the login software application 100 or the login and access software application 475 is triggered after a predetermined period of inactivity.

The present invention allows users to securely log into an application server with one click or touch, and in the preferred embodiment herein, there are no usernames or user-memorable usernames, no identifying information is revealed, and there are no passwords, but the user is securely identified and authenticated by the user's anonymous identifier.

In the foregoing description of exemplary embodiments of the invention, it should be understood that various features of the invention are sometimes grouped together in a single embodiment, figure, or description thereof to streamline the disclosure and aid in understanding one or more of the various inventive aspects. However, this method of disclosure should not be interpreted as reflecting an intention that the claimed invention requires more features than are expressly recited in each claim. Rather, inventive aspects lie in less than all features of a single disclosed embodiment described above, and each embodiment described herein may have more than one inventive feature.

Although the present invention has been particularly shown and described with reference to embodiments thereof, it will be understood by those skilled in the art that various other changes in form and detail may be made therein without departing from the spirit and scope of the invention.

Claims (10)

1. A method for performing a secure user login procedure in an application server, comprising:
a. a processor 240 of a user's personal computing device 110 downloads and installs a login software application 100 onto said personal computing device 110 and generates an anonymous identifier;
b. the processor 240 of the personal computing device 110 executes the login software application 100 on the personal computing device 110, connects to an application server 140 of interest, and transmits the user's anonymous identifier to the application server 140 ;
c. a processor 440 of the application server 140 receiving, via a user registration software application 470 of the application server 140, the anonymous identifier of the user and recording the anonymous identifier of the user in a user registration database 480 of the application server 140;
d. the processor 440 of the application server 140 receiving a login or access request from the personal computing device 110, the login or access request including a user's anonymous identifier, verifying that the user's anonymous identifier is a known anonymous identifier, and granting the user access to the application server 140 via a login and access software application 475 of the application server 140 ;
Equipped with
The method, wherein during a login procedure, the processor 240 of the personal computing device 110 performs a login procedure without disclosing a user ID in the form of a user-defined username and without using a system password to access the application server 140 via a login software application 100 of the personal computing device 110, the user being identified by an anonymous ID and not requiring manual or biometric login input from the user. The installation process of the login software application 100 comprises a user identification verification step, the user identification verification step comprising:
a. the processor 240 of the personal computing device 110 accepting a user action to input a name and personal identifier ;
b. the processor 240 of the personal computing device 110 transmits the name and the personal identifier to an identity verification server 130;
c. a processor 340 of the Identity Verification Server 130, via an Identity Verification Software Application 370 of the Identity Verification Server 130, performs a match between the received data and stored names and personal identifiers;
d. when the processor 340 of the identity verification server 130 obtains a match, reading, by the identity verification software application 370 of the identity verification server 130, from the matched user's data, a known contact number or electronic address of the user of the user's personal computing device 110;
e. the processor 340 of the identity verification server 130 sends a command via the identity verification software application 370 of the identity verification server 130 to the personal computing device 110 of the user to a known contact number or electronic address of the matched user to prompt the user for a confirmation response;
f. the processor 240 of the personal computing device 110 responding to the verification prompt of the user's personal computing device 110 transmitting a response to the identity verification server 130;
g. upon receiving the user verification, the processor 340 of the identity verification server 130 sends a command to the personal computing device 110 that the user's identity has been verified and that installation may be completed;
Equipped with
The method of claim 1 , wherein the identity verification server 130 only needs to be contacted once by the user's login software application 100, and the identity verification software application 370 verifies the user's identity and authenticates the login software application 100 together with the personal computing device 110 as the user's login and access device. The method of claim 1 , wherein the anonymous identifier is a public cryptographic key of at least 10 characters derived from a private cryptographic key randomly generated in an asymmetric system. The method of claim 1 , wherein the anonymous identifier is any randomly generated character of at least 10 characters . The method of claim 1 , wherein the login or access request is a single user action. The method of claim 1, wherein receipt by the application server 140 of a login request originating from the login software application 100 is deemed valid and sufficient to grant the user login access to the application server 140. The method of claim 6, wherein receipt by the application server 140 of the login request is authenticated by an identity verification server 130 as being associated with a valid anonymous identifier. A login device comprising a personal computing device 110, a login software application 100 and an anonymous identifier, the login device transmitting the anonymous identifier to a login and access software application 475 of an application server 140 and being recognized by the login and access software application 475 as an authorized device for initiating a login procedure and being granted access solely based on a match between the anonymous identifier received by the login and access software application 475 and one of a plurality of anonymous identifiers stored in a user registration database 480 of the application server 140. When executed by processor 240 of personal computing device 110 and processor 440 of application server 140, each processor
a. downloading and installing a login software application 100 onto a user's personal computing device 110 and generating an anonymous identifier;
b. executing said login software application 100 on said personal computing device 110, connecting to an application server 140 of interest and transmitting the user's anonymous identifier to a user registration software application 470;
c. receiving and recording, by said user registration software application 470, an anonymous user identifier in a user registration database 480 of said application server 140;
d. receiving, at the application server 140, a login or access request from the login software application 100 of the personal computing device 110, the login or access request including a user's anonymous identifier, verifying that the user's anonymous identifier is a known anonymous identifier, and granting the user access to the application server 140 via a login and access software application 475;
and
At least one non-transitory machine-readable storage medium, during which a user performs a login procedure without disclosing a user identity in the form of a user-defined username and without using a system password to access said application server 140 via a login software application 100, wherein the user is identified by an anonymous identity and does not require manual or biometric login input from the user. When executed by the processor 240 of the personal computing device 110 and the processor 340 of the identity verification server 130, each processor
a. accepting a user's actions of entering a name and personal identifier into the login software application 100;
b. transmitting said name and said personal identifier from said login software application 100 to said identity verification server 130;
c. matching the received data with stored names and personal identifiers at said identity verification server 130 by an identity verification software application 370;
d. upon obtaining a match, reading, by said identity verification software application 370, from the matched user's information, a known contact number or electronic address of the user on the user's personal computing device 110;
e. sending a command from the identity verification software application 370 of the identity verification server 130 to a known contact number or electronic address of the matched user on the personal computing device 110 of the user to prompt the user for a verification response;
f. when the user responds to a verification prompt on the personal computing device 110, transmitting a response from the personal computing device 110 to the identity verification software application 370 on the identity verification server 130;
g. upon receiving user verification, sending a command from said identity verification software application 370 to said login software application 100 of the user that the user's identity has been verified and that installation of said login software application 100 may be completed on said personal computing device 110 ;
and
The identity verification server 130 only needs to be contacted once by the user's login software application 100, and the identity verification process authenticates the login software application 100 together with the personal computing device 110 as the user's login device, and at least one other non-transitory machine-readable storage medium.

Images